From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6669723628337102848 X-Received: by 2002:a2e:8881:: with SMTP id k1mr3945879lji.7.1555419923377; Tue, 16 Apr 2019 06:05:23 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:8987:: with SMTP id c7ls687107lji.4.gmail; Tue, 16 Apr 2019 06:05:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqy5LCn6F5Wq9PIJUcAv9II3gMVR0j+k4VfG5NJlNC5sKCF6IwtXF+tTn9njHObWnNn90RJJ X-Received: by 2002:a2e:8345:: with SMTP id l5mr4057152ljh.29.1555419922777; Tue, 16 Apr 2019 06:05:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555419922; cv=none; d=google.com; s=arc-20160816; b=fLQEIna7tCao7scWOkUlI290zc/a7df3EQvNsoPE4gNnVx7A7bTqP4e0JICzyz3Vo8 WMNmyQe/AScsFbSMBcptusAHQ17PBrV42Y19klAS+LovuqzPNJsCGNr6tQO8E0Icy6wk hRh8a6EyDSdK+4W49AxHoHFDPiQX7qXUIO9Z+kfYzL3iEJ5easNl81U0Jg3FcA4WkahX tvlsW4vlj3iOnyEkkJmxhdMKuNLImz+CbgpH24cZbZJJ1PslSLonYPowxsBqoW27Oppv QUWc2qcv/naz7bLHRHHJA/jrqKMHj3lJ9NO/EsXpT3dqhJVfR7fLRG0yLJ3mfX1gIDbM 8D8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=BKDouDfUBcm9X4JfJNdvngNt1aZipLXuAu4In+0mJkI=; b=qvbPpY1WwO2hZ00Ht25x6KVSB+WAQKdbc9g7zk9JOW7LbKtDCETk79bhp6xlc+t/SV z3mn0iLlNzXTpRET9j8eZr7qQQ1d5t7XBww2FTvsXO/EjpI9nIOWZ/BI5pOrSDAPIyeP HkVZz5Lj+PzBO3DrNmK1ni/1VXLaOjvahC3iJ8BxICfh+a+o1YL54P3mkzE+u15qpp/F c8ljGIl5bTH9uA25ZUaxWkSEasMwnXcGQy9tmniER9oOgOmw7O4eCP6e3+CtS5cLG3SB 0/PAqJtkNaRczktWwgW9UAlZGPkMtPEiUKL1+/IcNiIWgy810dZ3F6TNuQrYLFPPG/CV S0gw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id v89si1857648lje.4.2019.04.16.06.05.22 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Apr 2019 06:05:22 -0700 (PDT) Received-SPF: pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of andreas.reichel.ext@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=andreas.reichel.ext@siemens.com Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x3GD5LBW008452 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 16 Apr 2019 15:05:22 +0200 Received: from localhost.localdomain (golem.ppmd.siemens.net [139.25.69.122]) by mail2.siemens.de (8.15.2/8.15.2) with ESMTP id x3GD5L2r003341; Tue, 16 Apr 2019 15:05:21 +0200 From: "Andreas J. Reichel" To: isar-users@googlegroups.com Cc: Andreas Reichel Subject: [PATCH v9 3/5] If we use a custom keyring debootstrap may fall to https Date: Tue, 16 Apr 2019 15:05:09 +0200 Message-Id: <20190416130511.10873-4-andreas.reichel.ext@siemens.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190416130511.10873-1-andreas.reichel.ext@siemens.com> References: <20190416130511.10873-1-andreas.reichel.ext@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TUID: oCrUx5XUoSIZ From: Andreas Reichel See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 So if we have something in the distro bootstrap keyring, append https-support to OVERRIDES. Furthermore, the conditional append for https-support was missing in qemuamd64-stretch.conf, thus, remove this from all the distros and put it into the isar-bootstrap.inc. Furthermore, packages are comma-, not space-separated. Signed-off-by: Andreas Reichel --- meta-isar/conf/multiconfig/qemuamd64-buster.conf | 1 - meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/meta-isar/conf/multiconfig/qemuamd64-buster.conf b/meta-isar/conf/multiconfig/qemuamd64-buster.conf index 63df75c..da90993 100644 --- a/meta-isar/conf/multiconfig/qemuamd64-buster.conf +++ b/meta-isar/conf/multiconfig/qemuamd64-buster.conf @@ -18,4 +18,3 @@ QEMU_MACHINE ?= "q35" QEMU_CPU ?= "" QEMU_DISK_ARGS ?= "-hda ##ROOTFS_IMAGE## -bios /usr/local/share/ovmf/OVMF.fd" -DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = " apt-transport-https ca-certificates" diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index 835ad52..c6c3cde 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -27,6 +27,7 @@ THIRD_PARTY_APT_KEYFILES = "" DEPLOY_ISAR_BOOTSTRAP ?= "" DISTRO_BOOTSTRAP_BASE_PACKAGES = "locales" DISTRO_BOOTSTRAP_BASE_PACKAGES_append_gnupg = ",gnupg2" +DISTRO_BOOTSTRAP_BASE_PACKAGES_append_https-support = ",apt-transport-https,ca-certificates" DISTRO_APT_PREMIRRORS ?= "${@ "http://ftp\.(\S+\.)?debian.org file:///${REPO_BASE_DIR} \n" if bb.utils.to_boolean(d.getVar('ISAR_USE_CACHED_BASE_REPO')) else "" }" @@ -161,6 +162,13 @@ def get_distro_have_https_source(d, is_host=False): return any(source[2].startswith("https://") for source in generate_distro_sources(d, is_host)) def get_distro_needs_https_support(d, is_host=False): + distro_bootstrap_keys = d.getVar("DISTRO_BOOTSTRAP_KEYS", False) + if distro_bootstrap_keys and distro_bootstrap_keys != "": + # debootstrap falls back to https if there is no + # 'reliable' keyring, whatever that means, but it happened + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891009 + return "https-support" + if get_distro_have_https_source(d, is_host): return "https-support" else: -- 2.21.0